Content Paint
Search
Sign in

Ivanti

Ivanti  | May 02, 2024
Gird your loins, there’s a new pre-auth RCE in Ivanti boxes landing
Gird your loins, there’s a new pre-auth RCE in Ivanti boxes landing

"Code execution in 0 seconds (3 seconds to be more accurate), no limitation, no authentication..."

 |  Cybersecurity  | Apr 21, 2024
MITRE attack strikes a NERVE after Ivanti to VMware pivot
MITRE attack strikes a NERVE after Ivanti to VMware pivot

"We did not detect… lateral movement into our VMware infrastructure. At the time we believed we took all the necessary actions to mitigate the vulnerability, but these actions were clearly insufficient.”

 |  Ivanti  | Feb 16, 2024
13,000 unpatched Ivanti appliances exposed as attacks escalate, firmware analysis shocks users.
13,000 unpatched Ivanti appliances exposed as attacks escalate, firmware analysis shocks users.

“Security” product shipped with a 13-year-old, unsupported base OS and software libraries with 973 vulnerabilities; 111 of which have publicly known exploits available.

News  | Feb 12, 2024
NCSC vuln management guide details why to update by default - and why not to
NCSC vuln management guide details why to update by default - and why not to

Business should own the risk - not the security team

Ivanti  | Feb 02, 2024
Ivanti 0day fest continues with fresh bugs, attacks, as CISA tells federal agencies "just disconnect"
Ivanti 0day fest continues with fresh bugs, attacks, as CISA tells federal agencies "just disconnect"

"Threat actors have recently developed workarounds to current mitigations and detection methods and have been able to exploit weaknesses, move laterally, and escalate privileges without detection..."

Cybersecurity  | Jan 16, 2024
Ivanti VPN appliance exploitation now happening at scale
Ivanti VPN appliance exploitation now happening at scale

VPN appliances "all appear to have been constructed with the code equivalent of string, stamped with the word ‘secure’ and then just left to decay for 20 years..."

vulnerabilities  | Jan 10, 2024
Pre-auth RCE zero days in Ivanti VPNs are being exploited by a Chinese APT and there won’t be a patch for weeks. Buckle up.
Pre-auth RCE zero days in Ivanti VPNs are being exploited by a Chinese APT and there won’t be a patch for weeks. Buckle up.

Attackers re-write JavaScript loaded by the VPN login page for the Appliance to capture credentials; also grabbed Veeam credentials, moved laterally for full SYSTEM control.

News  | Aug 22, 2023
MobileIron under active attack, admins warned to update
MobileIron under active attack, admins warned to update

Ivanti is warning of attacks on its MobileIron platform due to improper handling of APIs

0days  | Jul 31, 2023
Ivanti patches second EPMM zero-day
Ivanti patches second EPMM zero-day

Ivanti has kicked out an urgent patch for cve-2023-35081, a zero-day flaw in EPMM that is under active exploit in the wild

Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.